june 2018

march 2017

CityMayor is a game where you can collect cities and hold them to benefit from trades within your localities. It's Cryptokitties meets an ICO if you will. The whitepaper outlines the possible interaction and rules coded by the smart contract.

november 2013

september 2009

Lyon01 showcases events happening in the city of Lyon, France. In 2009-2010 Lyon01 gave away thousands of tickets to gigs and student parties through online contests. Lyon01's logo was printed on most fliers and posters around the city. The project is unfortunately dead.

~2006

~2005

One of my first blog. It's now made with Laravel, but it used to be made with Django, Rails, Code Igniter, Wordpress, ... It's changed a lot over the years, it's kind of my sandbox to learn something new.

january 2019

january 2019

january 2019

Learn Block Cipher Cryptanalysis. The page is unfinished as it was initially supposed to contain tutorials on how to perform linear and differential cryptanalysis on caesar and lightweight block ciphers as well.

December 2018

nQUIC is a variant of QUIC-TLS that uses the Noise protocol framework for its key exchange and basis of its packet protector with no semantic transport changes. The paper was published in EPIQ'18 by ACM.

december 2017

disco and libdisco are a modern plug-and-play secure protocol and a cryptographic library in Golang. It offers different ways of encrypting communications, as well as different cryptographic primitives for all of an application's needs. A paper was released on ePrint.

june 2016

Taking the point of view of the NSA's program BULLRUN to find ways on how to backdoor Diffie-Hellman in various protocol. Notably the ephemeral version of the algorithm in TLS implementations. A paper was published here.

April 2016

A Common Vulnerability Exposure found in the math bignum library of Go. This provokes a infinite loop that would have facilitated DoS attacks on TLS, SSH and some other custom protocols like the Let's Encrypt one.

january 2019

december 2018

A nicer page for RFC 8446: TLS 1.3. It includes summary videos for each sections, it hides all sections that are unnecessary to the implementation of TLS 1.3 only, it re-creates figures, it re-shapes the presentation of the original RFC, it also includes erratas. The original RFC being a static document this page is up-to-date.

october 2018

Today, SSL/TLS is the de-facto standard for encrypting communication. While its last version (1.3) is soon to be released, new actors in the field are introducing more modern and better designed protocols. This talk is about the past, the present and the future of session encryption. We will see how TLS led the way, how the Noise protocol framework allowed the standardization of more modern and targeted protocols and how the duplex construction helped change the status quo.

december 2017

This talk introduced the SHA-3 hash function as well as the two protocol frameworks Noise and Strobe. It then presented my work on Disco which is a protocol and a cryptographic library merging the two protocol frameworks. The work was released on www.discocrypto.com.

december 2017

I showed up at the OWASP meetup of London as the first crypto talk since ages. I took this opportunity to talk about the SHA-3 competition and about the different constructions that derived from it and that developers might find useful.

november 2017

Since Keccak has been selected as the winner of the SHA-3 competition in 2012, a myriad of different hash functions have been trending. From BLAKE2 to KangarooTwelve we’ll cover what hash functions are out there, what is being used, and what you should use. Extending hash functions, we’ll also discover STROBE, a symmetric protocol framework derived from SHA-3.

october 2017

This is a walk through of the Ethernaut capture-the-flag competition where each challenge was an ethereum smart contract you had to break. I did this at 2am in a hotel room in Romania and ended up not finishing the last challenge because I took too long and didn't want to re-record that part. Basically what I was missing in my malicious contract: a function to withdraw tokens from the victim contract (it would have work since I had a huge amount of token via the attack).

august 2017

Since Keccak has been selected as the winner of the SHA-3 competition in 2012, a myriad of different hash functions have been trending. From BLAKE2 to KangarooTwelve I covered what hash functions are out there, what is being used, and what people should use. Extending hash functions, I also quickly introduced STROBE, a symmetric protocol framework derived from SHA-3.

july 2015

april 2015

This video is an explanation of Coppersmith's attack on RSA, which was later simplified by Howgrave-Graham, and the later attack by Boneh and Durfee, simplified as well by Herrmann and May. Both use LLL, the lattice reduction algorithm of Lenstra Lenstra Lovasz.

july 2015

This is an explanation of the Kocher et al paper on Differential Power Analysis.

Sometimes the press talks about me.

+ December 1st 2018

In a paper published on Friday, "The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations," co-authors Eyal Ronen, Robert Gillham, Daniel Genkin, Adi Shamir, David Wong and Yuval Yarom describe an updated version of an attack, first outlined by Swiss cryptographer Daniel Bleichenbacher two decades ago.

+ June 21st 2018

+ June 8th 2018

+ June 1st 2018

+ December 19th 2017

The Logjam discovery was followed up by other researchers including NCC Group's David Wong, who in 2016 published this paper at IACR demonstrating a practical way to put a backdoor in weak Diffie-Hellman systems.

+ July 24th 2017

We talked to the cryptographer David Wong about crypto-related blogs worth reading and exploring in an interview. We also asked him about the changing landscape of the crypto-world and the awareness of IT security issues.